chat.freenode.net #tryton log beginning Sat Sep 6 00:00:01 CEST 2014
2014-09-06 00:30 -!- cedk(~ced@gentoo/developer/cedk) has joined #tryton
2014-09-06 02:58 -!- alisonken1home(~alisonken@pool-71-104-227-211.lsanca.dsl-w.verizon.net) has joined #tryton
2014-09-06 04:03 -!- digitalsatori(~Thunderbi@116.234.181.110) has joined #tryton
2014-09-06 06:40 -!- frispete(~frispete@p54A91320.dip0.t-ipconnect.de) has joined #tryton
2014-09-06 07:02 -!- yangoon1(~mathiasb@p549F2F3E.dip0.t-ipconnect.de) has joined #tryton
2014-09-06 08:03 -!- pobsteta(~Thunderbi@4cb54-3-88-160-87-54.fbx.proxad.net) has joined #tryton
2014-09-06 09:10 -!- vernichon(~Thunderbi@gex01-1-78-234-55-95.fbx.proxad.net) has joined #tryton
2014-09-06 09:14 -!- cedk(~ced@gentoo/developer/cedk) has joined #tryton
2014-09-06 09:36 -!- pobsteta(~Thunderbi@4cb54-3-88-160-87-54.fbx.proxad.net) has joined #tryton
2014-09-06 09:43 -!- pobsteta(~Thunderbi@4cb54-3-88-160-87-54.fbx.proxad.net) has joined #tryton
2014-09-06 09:55 -!- vernichon(~Thunderbi@gex01-1-78-234-55-95.fbx.proxad.net) has joined #tryton
2014-09-06 11:08 -!- rpit(~ralf@dslb-088-071-239-252.088.071.pools.vodafone-ip.de) has joined #tryton
2014-09-06 11:10 -!- digitalsatori(~Thunderbi@116.234.181.110) has joined #tryton
2014-09-06 12:39 -!- duesenfranz(~jona@chello213047255061.tirol.surfer.at) has joined #tryton
2014-09-06 12:40 <duesenfranz> what is the purpose of tools/misc:safe_eval?
2014-09-06 12:40 <duesenfranz> https://github.com/tryton/trytond/blob/feeea16ec199441e558511cf74f9353260f8ae55/trytond/tools/misc.py#L371
2014-09-06 12:40 <duesenfranz> although I can search for uses, I don't really get where the code that gets run comes from
2014-09-06 12:41 <duesenfranz> (although probably from the database / reports, as far as I could see)
2014-09-06 12:43 <duesenfranz> cedk: because I think writing a safe_eval function is probably not possible, and also this function isn't really safe
2014-09-06 14:05 <cedk> duesenfranz: it is as safe as possible, if you find an issue please report
2014-09-06 14:07 <cedk> duesenfranz: also it uses as few as possible and only on data from source file or authenticated user
2014-09-06 14:12 <duesenfranz> well, I found an issue, and I'm quite sure there can always be others
2014-09-06 14:13 <duesenfranz> however, I would be happy to provide you with a pastebin that gets eval'd happily and crashes the compiler
2014-09-06 14:13 <duesenfranz> segfaults
2014-09-06 14:13 <duesenfranz> or run arbitrary commands, if you will
2014-09-06 14:13 <duesenfranz> cedk:
2014-09-06 14:15 <duesenfranz> but to be honest, in my opinion, having a function that wraps 'eval' and has 'safe_' in its name is just a bad idea
2014-09-06 14:30 <Pilou> don't hesitate to open a bug report
2014-09-06 14:35 <duesenfranz> what would the priority of such a thing be? this generally means an authenticated user can overtake the server, I think
2014-09-06 14:38 -!- hiaselhans(~Thunderbi@91.141.4.154.wireless.dyn.drei.com) has joined #tryton
2014-09-06 14:42 -!- kstenger(~karla@200.124.209.158) has joined #tryton
2014-09-06 14:52 -!- rpit(~ralf@dslb-088-071-239-252.088.071.pools.vodafone-ip.de) has joined #tryton
2014-09-06 14:56 <duesenfranz> well, here it is https://bugs.tryton.org/issue4155
2014-09-06 15:21 <Pilou> duesenfranz: FYI security issues are not visible by everyone (https://groups.google.com/forum/#!topic/tryton/T2Y36z6VhoA)
2014-09-06 15:25 <duesenfranz> Pilou: thanks... so just "trusted" developers?
2014-09-06 15:26 <Pilou> and package maintainers
2014-09-06 15:33 <duesenfranz> will such things be discussed within the bug report or at some mailing list I can't access?
2014-09-06 15:38 <Pilou> i guess the bug report
2014-09-06 15:56 <duesenfranz> ok thanks
2014-09-06 15:59 <kstenger> is any of you familiar with the new format of the configuration file for tryton? I've been able to set up some values correctly but others seem to be missing because when I log in to my client the server fails when trying to register the database to the pool
2014-09-06 16:00 <kstenger> before I had an admin password, now I set it up as super_pwd inside the [session] group
2014-09-06 16:01 <kstenger> but I think something is missing when it tries to connect to the database
2014-09-06 16:05 <Pilou> kstenger: could you paste your config file ?
2014-09-06 16:05 -!- cedk(~ced@gentoo/developer/cedk) has joined #tryton
2014-09-06 16:09 <kstenger> http://ur1.ca/i4qgs
2014-09-06 16:11 <Pilou> kstenger: how do you run trytond ?
2014-09-06 16:11 <kstenger> python /root/test-karla/trytond/bin/trytond -c=/root/test-karla/trytond/etc/trytond.conf
2014-09-06 16:13 <kstenger> as root
2014-09-06 16:14 <Pilou> (you should not run trytond as root but it's another subject)
2014-09-06 16:14 <kstenger> I know, it's just how the setup is for now
2014-09-06 16:14 -!- digitalsatori(~Thunderbi@116.234.181.110) has joined #tryton
2014-09-06 16:15 <kstenger> for now I just need to get this config file to work :)
2014-09-06 16:15 <Pilou> did you initialize a database using "-d dbname -i all" first ?
2014-09-06 16:15 <kstenger> uh oh
2014-09-06 16:15 <kstenger> yeah... that should be it, let me check
2014-09-06 16:16 <Pilou> you could use the tryton client too using (File, Database, New Database)
2014-09-06 16:16 <kstenger> but, -u all, unless I need -i for some specific, right?
2014-09-06 16:16 <kstenger> no, I would like to just update this database
2014-09-06 16:17 <cedk> kstenger: fixed with changeset b5be096a6b33
2014-09-06 16:18 <kstenger> cedk: what was fixed? I just updated yesterday to the latest and my config files went useless
2014-09-06 16:19 <Pilou> kstenger: cedk pushed a fix just now
2014-09-06 16:19 <kstenger> oh, ok let's try
2014-09-06 16:20 <kstenger> what should i expect then?
2014-09-06 16:20 <Pilou> no popup and no traceback ;)
2014-09-06 16:22 <kstenger> ok i see I also have to place the -c flag when updating the database... so far goes well
2014-09-06 17:00 -!- smarro(~sebastian@190.105.93.196) has joined #tryton
2014-09-06 18:02 -!- smarro(~sebastian@190.105.93.196) has joined #tryton
2014-09-06 19:05 -!- jcm(~jcm@cxr69-10-88-172-230-130.fbx.proxad.net) has joined #tryton
2014-09-06 19:41 -!- nicoe(~nicoe@91.179.31.70) has joined #tryton
2014-09-06 20:25 -!- Telesight(~anthony@77-175-159-159.FTTH.ispfabriek.nl) has joined #tryton
2014-09-06 21:17 -!- uranus(~uranus@ool-182fa854.dyn.optonline.net) has joined #tryton
2014-09-06 23:27 -!- duesenfranz(~jona@chello213047255061.tirol.surfer.at) has joined #tryton